Using Roles

After you have set up roles with default Oracle Solaris rights profiles,
and assigned the roles to users, the roles can be used. A
role can be assumed on the command line. In the Solaris Management Console,
a role can also be used for administering the system locally and
over the network.

How to Assume a Role in a Terminal Window

Before You Begin

The role must already be assigned to you. The name service must
be updated with that information.

In a terminal window, determine which roles you can assume.

% roles
Comma-separated list of role names is displayed

Use the su command to assume a role.

% su - rolename
Password: <Type rolename password>
$

The su - rolename command changes the shell to a profile shell for
the role. A profile shell recognizes security attributes (authorizations, privileges, and set
ID bits).

In the following example, the user assumes the role of Primary Administrator.
In the default configuration, this role is equivalent to superuser. The role
then checks to see which privileges are available to any command that
is typed in the profile shell for the role.

In the following example, the user assumes the role of System Administrator.
In contrast to the Primary Administrator role, the System Administrator has the
basic set of privileges in its effective set.
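
The following shell helper is an added example, not part of the original page: it reads the output of the Solaris ppriv command for a role's profile shell and reports whether the effective set is all (superuser-equivalent, as described for Primary Administrator) or basic (as described for System Administrator). The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a role's profile shell by its effective privilege set.
# Input is the text printed by `ppriv <pid>` on Solaris.
# Function names and sample data are illustrative, not from the original page.

# Print the value of one privilege-set line (E, I, P or L) read from stdin.
priv_set() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# Map an effective set to a short verdict an auditor can act on.
classify_effective() {
    case "$1" in
        all)   echo "superuser-equivalent" ;;
        basic) echo "basic" ;;
        "")    echo "unknown" ;;
        *)     echo "custom" ;;   # e.g. basic plus or minus named privileges
    esac
}

# Constructed sample: a role whose effective set is "all".
sample_primaryadm() {
    printf '1200:\tpfksh\nflags = <none>\n\tE: all\n\tI: basic\n\tP: all\n\tL: all\n'
}

# Constructed sample: a role whose effective set is "basic".
sample_sysadmin() {
    printf '1300:\tpfksh\nflags = <none>\n\tE: basic\n\tI: basic\n\tP: basic\n\tL: all\n'
}

# On a system that has ppriv, inspect the current shell; otherwise use the samples.
report() {
    if command -v ppriv >/dev/null 2>&1; then
        classify_effective "$(ppriv $$ | priv_set E)"
    else
        echo "primaryadm sample: $(classify_effective "$(sample_primaryadm | priv_set E)")"
        echo "sysadmin sample:   $(classify_effective "$(sample_sysadmin | priv_set E)")"
    fi
}

report
```

Run inside the profile shell after su - rolename, the script reports on that role; a verdict of superuser-equivalent marks a role whose password deserves the same protection as the root password.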

How to Assume a Role in the Solaris Management Console

Changing information in the Solaris Management Console GUI requires administrative capabilities.
A role gives you administrative capabilities. If you want to view information,
you must have the solaris.admin.usermgr.read authorization. The Basic Solaris User rights profile includes
this authorization.

Before You Begin

An administrative role that can change the properties of users or roles
must have already been assigned to you. For example, the Primary Administrator
role can change the properties of users or roles.

Navigate to the toolbox that contains the tool or collection in the
appropriate name service scope and click the icon. The scopes are files
(local), NIS, NIS+, and LDAP. If the appropriate toolbox is not displayed in
the navigation pane, choose Open Toolbox from the Console menu and load
the relevant toolbox.

Select the tool that you want to use.

Navigate to the tool or collection and click the icon. The tools
for managing the RBAC elements are in the Users tool, as shown
in the following figure.

Type your user name and password in the Login: User Name dialog
box.

Authenticate yourself in the Login: Role dialog box.

The Role option menu in the dialog box displays the roles that
are assigned to you. Choose a role and type the role password.